Re: Design Questions

From: Jason Elliot Robbins <jrobbins_at_collab.net>
Date: 2000-08-09 18:59:04 CEST

>
>Having fine-grained access control, a la Apache, is also necessary for us.
>We have even had customers ask to apply permission control via regexes -
>different right to *foo.bar and *bing.baz, even if they're in the same
>directory. Crazy, sure; but they did have a good reason for it, believe
>it or not. Again, we can just let Apache handle this for us by going
>through DAV.

Actually, key-value pairs for each object in the repository will be a
better long-term solution.

The customer in question wants to have one level of access control for
java interface files (i.e., a *.java file that contains a definition
of an interface) and a different set of permissions for files that
define java classes that implement those interfaces.

Currently, they use BlahIntf.java and BlahImpl.java, so regex's are a
workaround that works.

Long-term, I imagine a source code analysis tool (say written in perl)
that checks the actual contents of the code and assigns a key-value
pair to the ,v file. E.g., "proprietaty=no", or "proprietaty=yes"
and "ip_owner=mega_corp".

Some other key-value pairs might be put in manually or derived other
ways.

Then the permissions could be based on those key-value pairs.
jason!

-- 
Jason Robbins, Ph.D.      Collab.Net is hiring open source developers!
Chief Architect                             http://www.collab.net/jobs

Received on Sat Oct 21 14:36:06 2006

This message: [ Message body ]
Next message: Brian Behlendorf: "Re: NT porting gotcha"
Previous message: Brian Behlendorf: "Re: Design Questions"
In reply to: Brian Behlendorf: "Re: Design Questions"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]